Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!gatech!mit-eddie!genrad!decvax!ucbvax!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: comp.misc,misc.headlines
Subject: Re: Hacker Scholarship
Message-ID: <2318@hoptoad.uucp>
Date: Fri, 19-Jun-87 09:21:21 EDT
Article-I.D.: hoptoad.2318
Posted: Fri Jun 19 09:21:21 1987
Date-Received: Mon, 22-Jun-87 02:30:58 EDT
References: <2757@mtgzz.UUCP> <345@genesis.UUCP>
Organization: Nebula Consultants in San Francisco
Lines: 57
Xref: mnetor comp.misc:702 misc.headlines:697

A.B.Sherman, apparently from AT&T, complained about Steve Wozniak giving a $100K/yr scholarship for young hackers. [I can't cross-post to att.workplace from here, sorry.]

Indeed, Woz used to hack the phone system. But I don't think he committed much "toll fraud" in the sense of getting communications service for free. Just like many people who use other people's computers don't use them to make money, just use them to learn on. This is often encouraged in the computer community; we all learn faster, and bright kids get to play with 'the real stuff' so by the time they get a job they will know a lot about what's going on. Woz was exploring how the phone network is built, as we might explore the wonders of tty handling, the contents of /lib, or the rare treasures of comp.binaries.ibm.pc.

> It is one
> thing to figure out how to become root. It is quite another to use
> that knowledge to make it impossible for other people (NOT faceless
> representatives of Ma Bell, but PEOPLE) to do their work. Somebody
> who thinks it's cute to cream the root file system...

Woz's comments in the article were pretty clear. "There is a misconception that hackers are dangerous to society," Wozniak said. "They are just trying to do things that they are not supposed to be able to do." He wants to reward young people who explore the limits of today's technology and find its weaknesses.
(It's up to us, who develop tomorrow's technology, to fix what they find. You can't claim somebody is ripping you off if you leave your door wide open. The kids will probably be glad to help us.)

Woz is not out to teach kids how to destroy a system, but how to learn about a system. That knowledge can be used for Good or E-vill as can all knowledge. Nobody will be teaching how to cream root file systems.

> However toll fraud is now a multi-million dollar industry that is no
> longer cute, no longer funny and no longer tolerable to our
> business.

OK, toll fraud is no longer tolerable to your business. Why don't you stop it? Stop assigning account numbers that are printed in directories in every home. Stop printing the security code (password) on the credit card. Allow the user to change the password. Basically, treat it like an access control rather than an unchecked billing number.

About 1980, Sprint was massively hacked by youngsters. They were using 5-digit account numbers and assigning them in groups; with 15 minutes' work at a touchtone pad you could come up with 3 or 4 account numbers that worked fine for 'toll fraud'. After a year or two of this, Sprint wised up, lengthened the numbers, assigned them at random, and tacked on 2 more digits if you were not using your 'home CO', making brute force attack impractical. They didn't go yelling about blue boxes or buying congressmen to make 'hurting the phone company' a criminal offense, they fixed the problem. Why hasn't AT&T done this?

--
{sun,ptsfa,lll-crg,ihnp4,ucbvax}!hoptoad!gnu       gnu@ingres.berkeley.edu
Kudos to Stargate for permitting redistribution. May the Source be with you!